The Supply Chain in 2025: What to Expect
In 2025, the Supply Chain continues its evolution toward “Logistics 4.0,” inspired by Industry 4.0. Two major characteristics define this…
Simultaneous implementation of the SOLOCHAIN Warehouse Management System (WMS) in 5 distribution centers View the press release
The General Data Protection Regulation, or GDPR, is a regulation imposed on a European level that applies as of May 25, 2018 to all companies operating in the EU. Goal: regulate how companies, whether or not physically based in the EU, use customer data. This is a significant strategic challenge for companies because major financial penalties apply in the event of non-compliance (up to 4% of a company’s worldwide turnover).
This new regulation reinforces professional obligations in terms of personal data processing. Unlike the approach initially taken in France by the French data protection agency (CNIL), the GDPR does not impose prior notification. Companies must be able to attest, at all times, their compliance with data protection regulations, most notably by maintaining a record of processing activities.
According to the GDPR, personal data means any information relating to an identified or identifiable natural person: identity, a contact email address, contact details, IP address, etc. All companies with customer databases are thus affected and must, as of now, enter into a transition phase.
The notions “Privacy by design” and “Privacy by default” reveal the need to consider personal data protection right from the start of project conception. This mechanism also means that only the data necessary for the company to achieve its objectives, which must be clearly conveyed, must be collected and processed.
To comply with the GDPR, the way new information systems are conceived will have to change and certain existing IS will have to be entirely redesigned. “Privacy by design” particularly affects software developers and companies seeking to implement data-driven tools, such as a CRM.
To facilitate the application of measures in company, the GDPR has created the position of a data protection officer (DPO). Designating a DPO is mandatory in:
Companies that are not initially bound by this obligation should also designate a DPO to demonstrate that they have understood the magnitude of data protection challenges.
Designated based on their expertise in law and personal data protection, DPOs take on the role of conductor to govern data protection in the company. Their tasks include:
In addition to designating a DPO, the GDPR also establishes the obligation to provide notification of data breaches. This obligation falls on the controller/processor who is in charge of notifying the data protection authority of breaches.
For all new projects involving the processing of personal data, the instructing party and its controller must first determine if the project will affect the privacy rights of the people involved. If the answer is yes, they must show that the project complies with the notion of “Privacy by design”. It is important to highlight that the subcontractor is no longer in charge of doing this prior work, which now falls under the responsibility of the instructing party.
The GDPR also provides the right for individuals to be given back the information concerning them that companies have processed. This data can then be transferred to a third party if needed.
In order for companies to be able to respond to requests for data, they must implement a system for accessing all data collected on an individual. These companies, which may be pharmacies, banks or insurance providers, are now obligated to transmit all data in unencrypted format to the person in question or another controller.
This measure, established before the publication of the GDPR, has been made explicit with this regulation. In order to collect personal data, the customer must be aware and freely give his or her specific informed consent. This consent corresponds to a defined purpose and cannot be attributed to a set of applications, no matter how similar they may be.
In order to secure company operations, data collection and processing will have to be standardized, which represents a major investment for marketing departments.
In 2025, the Supply Chain continues its evolution toward “Logistics 4.0,” inspired by Industry 4.0. Two major characteristics define this…
On October 15, the French tax administration officially announced the partial abandonment of the PPF (Public Billing Portal), a decision…
For several months now, uncertainty has surrounded the pilot phase of the e-invoicing reform. Initially planned for early 2024, it…
Work with our team to build your ideal supply chain software stack and tailor it to your unique business needs.